#!

###########################
# System Settings Global
###########################
config system global
set admintimeout 15
set timezone 26
set gui-utm-monitors disable
set hostname mydomain1-sg0e0
set admin-sport 8443
set admin-https-redirect disable
set optimize-ssl enable
set admin-reset-button disable
set admin-maintainer enable
set sslvpn-cipher-hardware-acceleration enable
set gui-central-nat-table disable
set gui-dns-database enable
set gui-multicast-policy enable
set gui-object-tags enable
set gui-multiple-utm-profiles enable
set gui-endpoint-control disable
set gui-vulnerability-scan disable
set gui-wireless-controller enable
set gui-local-in-policy enable
set gui-explicit-proxy disable
set gui-certificates enable
set gui-dynamic-routing enable
set gui-sslvpn-realms enable
set gui-replacement-message-groups enable
set gui-policy-based-ipsec enable
#
# Session tuning parameter "default":
# 
#set tcp-halfclose-timer 120
#set tcp-halfopen-timer 10
#set tcp-timewait-timer 1
#set udp-idle-timer 180
#
# Session tuning parameter "tuned":
# 
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
#
# Increase log children FortiOS 5.0.6 or higher only:
#
#set miglogd-children 8
#
end
###########################
# System Settings
###########################
config system settings
set strict-src-check disable
set sip-helper disable
set sip-nat-trace disable
set gui-default-policy-columns "#" "policyid" "srcintf" "dstintf" "srcaddr" "dstaddr" "schedule" "service" "authentication" "action" "profile" "logtraffic" "nat" "count"
end
###########################
# System Settings Central-Management
###########################
config system central-management 
set mode normal 
set type fortimanager
set fmg "3.3.3.3"
set schedule-config-restore enable 
set schedule-script-restore enable 
set allow-push-configuration enable 
set allow-pushd-firmware enable 
set allow-remote-firmware-upgrade enable 
set allow-monitor enable 
set fortimanager-fds-override disable 
set vdom root 
set enc-algorithm default
end
###########################
# System Settings Admin
###########################
config system admin
edit admin
set accprofile "super_admin"
set vdom "root"
set password only4mydomain1!
next
edit "FMG-Admin-mydomain1"
set trusthost1 3.3.3.3 255.255.255.255
set accprofile "super_admin"
set comments "Administrator to be used for FortiManager"
set vdom "root"
set password only4mydomain1!
end
###########################
# System Settings Interface
###########################
#config system interface
#edit internal1
#set netbios-forward enable
#end
###########################
# System Settings DDNS
###########################
config system ddns
edit 1
set monitor-interface "wan1"
set ddns-server FortiGuardDDNS
set ddns-domain "mydomain1-sg0e0.fortidyndns.com"
next
end
###########################
# System Settings DNS
###########################
config system dns
set primary 8.8.8.8
set secondary 8.8.4.4
set domain "mydomain1.local"
set cache-notfound-responses disable
set dns-cache-limit 5000
set dns-cache-ttl 1800
end
###########################
# System Settings NTP
###########################
config system ntp
set ntpsync enable
set type custom
set syncinterval 360
#set server-mode enable
#set interface "internal"
config ntpserver
edit 1
set server "ch.pool.ntp.org"
next
end
end
###########################
# System Settings FortiGuard
###########################
config system fortiguard
set port 8888 
set webfilter-cache enable 
set webfilter-cache-ttl 7200
set webfilter-cache-mpercent 2
end
###########################
# System Settings Auto-Install
###########################
#
# Deactivate auto-install-config/image
# from USB disk.
#
config system auto-install 
set auto-install-config disable 
set auto-install-image disable  
set default-config-file fgt_system.conf 
set default-image-file image.out 
end
###########################
# System Settings Autoupdate Schedule
###########################
# 
# Activate autoupdate go get utm updates
# like antivirus, ips etc.
#
config system autoupdate schedule
set status enable 
set frequency every 
set time 06:00
# If "frequency" is set to weekly define one "day"
#
#set day Monday
#
end
#
# Deactivate push updates for fortiguard.
#
config system autoupdate push-update 
#set address 0.0.0.0
#set override disable 
set port 9443
set statu disable
end
